sux, an enhancer for su
Peter Lamb
prl at iis.ethz.ch
Fri Apr 26 17:07:20 AEST 1991
peltz at cerl.uiuc.edu (Steve Peltz) writes:
>WILL work, wouldn't the following one-line shell script do just as well?
N O O O O O O O O !!!!!!
>Maybe there's a reason; maybe the "groups" command is Sun specific or
>something...
No.
>Don't forget to change it to be owned by root and setuid and executable...
If I can execute a setuid root script I can become root (independent of
its contents). So can a very large range of other people. Some of them
not friendly enough to warn you about it.
>Sorry - not in shar format; why put in an extra 20 lines to wrap 2?
>#!/bin/sh
>groups | grep -s wheel && su $* || echo Sorry
Don't do it!
Don't install this script. Don't make it set{uid,gid}.
Setuid shell scripts are security holes!
--
Peter Lamb
uucp: uunet!mcsun!ethz!prl eunet: prl at iis.ethz.ch Tel: +411 256 5241
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich
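
An audit for the condition warned about above, added here as an example and not part of the original post: it lists regular files that carry the setuid or setgid bit and begin with "#!", meaning they are interpreter scripts. The function name find_setid_scripts is hypothetical; run it as a user who can read the files being checked.

```shell
#!/bin/sh
# find_setid_scripts DIR...
# Print the path of every regular file under the given directories that
# has the setuid or setgid bit set and whose first two bytes are "#!".
# (Function name is hypothetical; this is an added example.)
find_setid_scripts() {
    # -perm -4000 matches setuid, -perm -2000 matches setgid (POSIX find).
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read the first two bytes as hex so binary files are handled
            # safely; "#!" is 0x23 0x21.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null \
                    | od -An -tx1 | tr -d " \n")
            if [ "$magic" = "2321" ]; then
                printf "%s\n" "$f"
            fi
        done
    ' sh {} +
}

# When invoked with directory arguments, scan them directly.
if [ "$#" -gt 0 ]; then
    find_setid_scripts "$@"
fi
```

Any path it prints should have the set-id bits removed (chmod u-s,g-s) and the privileged step moved into a compiled helper or an existing tool such as su itself.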